Hello All, 

I have copied the F2F agreements and to do's below along with the response from the compliance team to our latest set of questions. 

I have put in a few comments in red below for discussion. 

F2F agreements

●     Subgroup analyzed findings for rec 4 implementation but has not formulated recommendations yet . 

●     Subgroup has not documented findings/analysis for its second objective yet, although it put forward two recommendations associated with that objective. 

●     The compliance and accuracy subgroups need to consider how to reconcile overlaps between their findings and recommendations.

●     Accuracy-related findings/issues remain in the accuracy subgroup report; however, recommendations related to compliance will be integrated into the compliance subgroup report.

●     Rec (4)1: All policies implemented should require metrics, measurement, auditing, tracking, reporting and enforcement by the compliance team. 

Rec (4)2: All DN registrations should be required to adhere to the WHOIS requirements in the 2013 RAA

To DO

●     Susan to confirm questions for ICANN compliance. Done

●     RDS-WHOIS2 Questions to Contractual Compliance 

●     WHOIS1 Rec #4: Compliance Subgroup
Follow-up emails to maguy.serad@icann.org from Alice Jansen on 20 April 2018 

●     1. Is it known (or can it be determined from ARS-sampled data) how often Registrant Contact data elements such as Registrant email address, Registrant postal address, and Registrant telephone number are absent from WHOIS records for grandfathered domain names? 

●     WHOIS Inaccuracy complaints created from the WHOIS Accuracy Reporting System (ARS) are processed in parallel with single and bulk submission of WHOIS Inaccuracy complaints. ICANN Contractual Compliance tracks and reports based on Syntax, Operability and Identity; more information about each category can be found at this link - https://features.icann.org/compliance/dashboard/archives#annual-detailsor on the WHOIS ARS reports. In addition, WHOIS Inaccuracy complaints are tracked for legacy and for new gTLDs. This data can be found in the monthly dashboards at this link: https://features.icann.org/compliance/dashboard/report-list. 

●     Contractual Compliance’s participation in the WHOIS ARS is limited to providing guidance for Registrar Accreditation Agreement obligations regarding syntax and accuracy, and processing complaints with inaccuracies identified by the WHOIS ARS. The WHOIS ARS program is managed by ICANN’s Global Domains Division. 

●     Interesting that the compliance team does not have an answer to this question   They do not seem to track the lack of information in the grandfathered domain names. Still have no idea if this is a problem.  

●     2. Why are a significant number of WHOIS Inacccuracy Complaints closed without any action being taken? What does Compliance treat as valid reasons for immediate ticket closure and are there any metrics for how often tickets are closed for each of those reasons? 

●     According to the ICANN Contractual Compliance 2017 Annual Reports 

●     https://features.icann.org/compliance/dashboard/2017/complaints-approach-process- registrars, out of approximately 25,000 WHOIS Inaccuracy complaints received during 2017, approximately 12,000 were closed before contacting the registrar.
Common reasons for closing a complaint before a 1st notice is sent to the registrar include: 

●     - The reporter not providing information requested to validate the complaint,
- The domain name is suspended when the complaint was received, or
- The complaint is outside of the scope of ICANN’s contractual authority (e.g., it is too broad or incomplete or is a request to change a registrant’s own domain name information). 

●     While certain WHOIS Inaccuracy complaints are automatically closed by the complaint processing system (including complaints for country code top-level domains and suspended domain names), for those that are not automatically closed, Contractual Compliance will attempt to validate the information in the complaint or obtain more information before closing the complaint. 

●          

●     1 

●     ICANN Contractual Compliance recently began reporting on closure reasons by complaint type, including those for WHOIS Inaccuracy complaints. These metrics are reported on a quarterly basis and the first quarter of 2018’s report is found at https://features.icann.org/compliance/dashboard/2018/q1/registrar-resolved-codes. 

In reviewing the additional information in the dashboard report it appears that many inaccuracy reports are not valid reports.  One issue we should look at is closing of inaccuracy reports due to the domain names being suspended previously.  

The WHOIS record still exists with suspended domain names and the registrar can choose to unsuspend at any moment.  The inaccuracy issue remains and should be addressed. 

●     3. What additional evidence in WHOIS Inaccuracy Complaints would Compliance find useful? 

●     Additional evidence in WHOIS Inaccuracy complaints that compliance might find useful if the reporter provides are listed below: 

●     - Evidence of returned mail sent to the postal address listed in the WHOIS information
- Evidence of a bounceback or undeliverable email notification for email sent to the email address listed in the WHOIS information
- Evidence or explanation why the telephone number listed in the public WHOIS is not accurate
- Evidence or explanation why the person or entity listed in the public WHOIS does not exist or is not the registered name holder (RNH) 

●     4. Does Compliance do any analysis of WHOIS Inaccuracy trends? If not, why not? For example, would a policy be necessary to enable trend analysis? 

●     ICANN Contractual Compliance does attempt to identify patterns and systemic issues of noncompliance within and across all of the complaint types. This effort is useful in identifying trends of issues and most importantly in identifying opportunities to conduct outreach or additional proactive monitoring. 

●     5. It shows that one of Compliance activities is ICANN-initiated monitoring to take proactive actions. What kind of monitoring programs have been conducted or planned? 

●     Please provide more information on what “It” refers to, so that Contractual Compliance may provide an accurate response. 

●     To address the question about the kind of monitoring programs –
Proactive monitoring is ICANN’s effort to take initiative in identifying potential issues instead of waiting for issues to happen. Proactive monitoring actions, to list a few, are: the audit program, review of blogs and social media, observed behavior from complaints, WHOIS Quality Review, review related to the DNS infrastructure for example, usability and format of data escrow files, or the automated monitoring system to ensure compliance with Specification 10 of the Registry Agreement. Contractual Compliance reports on the proactive monitoring activities in the Quarterly and Annual Report published on ICANN.org under Report & Blogs. 

●      

●     2 

●     6. Is there any monitoring program to check some common grounds or linkages among ARS, Audit Program, public complaints received, e.g. from specific registrar, gTLD, region? 

●     As stated in the response to question 5, ICANN monitors the observed behavior from complaints. For example, based on trends identified by Contractual Compliance (including review of WHOIS inaccuracy complaints submitted by the public and generated as a result of the WHOIS ARS), WHOIS Inquiry efforts were taken in 2016 that focused on registrars in China and Korea. These inquiries focused on issues with the 2013 RAA WHOIS Accuracy Specification Program (WAPS) requirements. These efforts continued for registrars in China, the United States, and other regions. Please refer to the annual update published at this link https://www.icann.org/en/system/files/files/annual-2016-31jan17-en.pdf. 

●     7. Does compliance credit-rate registrars or just treat all of them equally? 

●     ICANN treats all registrars equally and does not rate them. 

●     Please refer to the WHOIS1 Recommnedation 5-9 Data accuracy Subgroup for additional questions and responses regarding WHOIS ARS. 

●      

●     2)  WHOIS verification review out reach focused on the APAC region to ensure compliance with the 2013 RAA requirement to verify and validate WHOIS information. Registrars that could not demonstrate initial compliance collaborated with the team to update systems and processes to ensure future compliance. 

●     . 

●     Subgroup to try testing recommendation on WHOIS policies that are being examined by this review (e.g., PP, IDN) to see if metrics/monitoring/reporting and enforcement have been defined for those – In process 

●     Susan to formulate recommendation to include compliance taking a risk-based approach that is not just reactive - addressing systemic complaints and taking a risk-based approach – 

One of the follow up questions to the compliance team #6 they report that they have performed proactive monitoring of the WHOIS verification review in the APAC region.  There does not seem to be any other proactive approach concerning the WHOIS.  

We should recommend that they expand this monitoring to other areas of WHOIS compliance.  

What does the team recommend? 

●     Susan to examine CCT recommendation on DAAR to build this subgroup’s recommendation

CCT

Recommendation C: Further study the relationship between specific registry
operators, registrars and DNS abuse by commissioning ongoing data collection, including but not limited to, ICANN Domain Abuse Activity Reporting (DAAR) initiatives. For transparency purposes, this information should be regularly published in order to be able to identify registries and registrars that need to come under greater scrutiny and higher priority by ICANN Compliance. Upon identifying abuse phenomena, ICANN should put in place an action plan to respond to such studies, remediate problems identified, and define future ongoing data collection. 

●      

Susan to research 2013 RAA negotiation materials to determine any reasons for allowing grandfathering.

Have not found out any additional information on this but will continue to pursue 

Additional Points

ICANN should publicize the Bulk Whois inaccuracy submissions tool more widely.   Currently only 10 users have gone through the process  to be able to submit.   Last year only 3 submitters used the tool. 300 domain names at a time.  

Background Information:
ICANN Contractual Compliance provides a mechanism for bulk WHOIS inaccuracy complaint submissions, which allows a user to submit multiple complaints through a single file upload. Each user can submit up to 300 total complaints per week. The complaints are processed in the same method and queue for WHOIS inaccuracy complaints. Users of the bulk system must agree to mandatory terms of use, and their complaint quality is monitored by ICANN to ensure submission of complaints are within scope of the RAA and WHOIS requirements. There are currently approximately ten approved users for the bulk system, and within the past six months, three were active users. 

Look forward to our discussion tomorrow. 

Susan